Re: [Full-Disclosure] [suse-security] Anti-Virus Problem

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 10/05/04

    To: Björn Scorey <bjornscorey@hotmail.com>
    Date: Tue, 5 Oct 2004 11:38:43 +0400
    
    

    Dear Björn Scorey,

    It's expected behaviour. EICAR is an executable file and the eicar string
    should only be detected at the beginning of the file.

    --Monday, October 4, 2004, 9:33:18 PM, you wrote to full-disclosure@lists.netsys.com:

    BS> Hi Everyone !

    BS> I am running Suse 9.0 and I have installed 

    BS> qmail (netqmail  Ver. 1.05)
    BS> amavis (amavis-new Ver. 20030616p5-23)
    BS> antivir (Ver 2.08-16) 

    BS> Antivir seems to be an evaluation version. (The one that came with Suse 9.0) 

    BS> I downloaded the EICAR E-Mail Test Virus but when I send either
    BS> an infected attachment or simply copy the virus string on the mail,
    BS> the antivirus doesn't recognize the virus, and the mail passes
    BS> normally. 

    BS> However when I run antivir on the infected file (attachment) by
    BS> itself, it recognizes the virus. The same occurred with f-prot
    BS> (however I got some minor errors while installing f-prot). When I
    BS> run either anti-virus scanner on my mailbox (mbox), none of them
    BS> manage to see the virus. 

    BS> Anyone has an idea what's wrong ? 

    BS> Regards
    BS> Björn

    -- 
    ~/ZARAZA
    I swear by the bald head of the prophet Moses, I am going to eat you now. (Twain)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
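
The rule stated in the reply (the test string counts only at the start of a file), as an added example that is not part of the original thread. It goes one step further and decodes each MIME part of a message so that every part is checked as its own file. The function names, addresses and the sample message are constructed for illustration; the 128-byte limit and allowed trailing whitespace follow the published EICAR test file definition.

```python
import email
from email.message import EmailMessage

# The 68-byte EICAR test string, split in two so this source is not itself flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = b" \t\r\n\x1a"  # whitespace allowed after the string
MAX_LEN = 128                  # maximum total length of a valid test file


def is_eicar_file(data):
    """True only if data starts with the string and the rest is allowed padding."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])


def scan_message(raw):
    """Decode every MIME leaf part and test each one as a separate file."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if is_eicar_file(payload):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def build_sample_mbox():
    """Constructed sample: an mbox entry carrying the test file as an attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m["Subject"] = "constructed test message"
    m.set_content("Pasted after other text: " + EICAR.decode("ascii") + "\n")
    m.add_attachment(EICAR, maintype="application",
                     subtype="octet-stream", filename="eicar.com")
    return b"From sender@example.org Tue Oct  5 11:38:43 2004\n" + m.as_bytes()


if __name__ == "__main__":
    mbox = build_sample_mbox()
    print("raw mbox treated as one file:", is_eicar_file(mbox))
    print("parts matching after MIME decoding:", scan_message(mbox))
```

The raw mailbox fails the check because it begins with mail headers, and the string pasted mid-body fails for the same reason; only the decoded attachment is a file that starts with the string.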
    
